diff options
| author | Achilleas Pipinellis <axilleas@axilleas.me> | 2015-11-17 09:24:36 +0300 |
|---|---|---|
| committer | Achilleas Pipinellis <axilleas@axilleas.me> | 2015-11-17 09:24:36 +0300 |
| commit | 03cb8edb34ab0d19049931434863b585d85de238 (patch) | |
| tree | 2fc729629cb1861bfedc0cb011e1610491606a9c /doc/release | |
| parent | 0061143ccd2e37e7ff83bd85127e0638e5e40f85 (diff) | |
| parent | 3300db70ff53699732672824859186cd083623fa (diff) | |
Merge branch 'http-to-https' into 'master'
Rewrite HTTP links to force TLS, where possible
I got annoyed at the fact that the links on the profile page don't force the use of TLS, so I grepped through the entire source tree, tested all the links I found, and replaced them if possible.
See merge request !1806
Diffstat (limited to 'doc/release')
| -rw-r--r-- | doc/release/security.md | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/release/security.md b/doc/release/security.md index 60bcfbb6da5..b1a62b333e6 100644 --- a/doc/release/security.md +++ b/doc/release/security.md @@ -8,7 +8,7 @@ Do a security release when there is a critical issue that needs to be addresses ## Security vulnerability disclosure -Please report suspected security vulnerabilities in private to <support@gitlab.com>, also see the [disclosure section on the GitLab.com website](http://about.gitlab.com/disclosure/). Please do NOT create publicly viewable issues for suspected security vulnerabilities. +Please report suspected security vulnerabilities in private to <support@gitlab.com>, also see the [disclosure section on the GitLab.com website](https://about.gitlab.com/disclosure/). Please do NOT create publicly viewable issues for suspected security vulnerabilities. ## Release Procedure @@ -25,7 +25,7 @@ Please report suspected security vulnerabilities in private to <support@gitlab.c 1. Send tweets about the release from `@gitlabhq` 1. Send out an email to [the community google mailing list](https://groups.google.com/forum/#!forum/gitlabhq) 1. Post a signed copy of our complete announcement to [oss-security](http://www.openwall.com/lists/oss-security/) and request a CVE number. CVE is only needed for bugs that allow someone to own the server (Remote Code Execution) or access to code of projects they are not a member of. -1. Add the security researcher to the [Security Researcher Acknowledgments list](http://about.gitlab.com/vulnerability-acknowledgements/) +1. Add the security researcher to the [Security Researcher Acknowledgments list](https://about.gitlab.com/vulnerability-acknowledgements/) 1. Thank the security researcher in an email for their cooperation 1. Update the blog post and the CHANGELOG when we receive the CVE number |